[Cryptography] The ultimate random source

Bill Stewart bill.stewart at pobox.com
Wed Feb 19 18:00:04 EST 2014

At 11:04 AM 2/19/2014, Arnold Reinhold wrote:
>On Tue, 18 Feb 2014 23:09 Christian Huitema pointed out:
> > If you rely on a capped camera to generate white noise, you may 
> be out for a surprise with at least some cameras. There is a lot of 
> filtering and processing that happens on board the camera itself, 
> e.g. conversion from Bayer pattern to YUV or RGB, firmware that 
> enhances the image, compression to JPEG before transmission on the 
> USB bus, cropping and resizing on demand, etc. I would not be 
> surprised if some cameras, when capped, just transmit a black image.

You certainly don't want a good camera; what you need is a really 
dumb one.  (Unfortunately, dumb and cheap aren't always synonymous 
these days, since it may be cheaper to use commodity silicon that 
already compensates for whatever you were hoping not to have compensated for.)

>While we are on the topic of building an auditable RNG, another 
>possible element to include in the scene that the camera captures is 
>a television screen tuned to a live channel, perhaps a 24-hour news 
>station such as CNN, Fox or Bloomberg. This would allow verification 
>that an image was taken no earlier than when the TV content was 
>first aired.  A time stamp service could be used to certify a "no 
>later than" date.

Can't use Fox News, it's just always the same blather :-) (Ok, 
obvious cheap shot, and MSNBC runs reruns of Maddow and other shows a 
couple of times a day.)
Can't use CNN, because the 24-hour news cycle means the same stories 
get run pretty much the same way multiple times, though the different 
text crawls may not be in sync with the news.
Can't just point the camera out the window, even in foggy San 
Francisco, because it gets dark at night, and because your data 
center probably doesn't have windows.

Even auditing is difficult; a bit difficulty with USB as a connection 
method means it's easy to replace your camera with a video player.

More information about the cryptography mailing list